diff --git a/src/invidious/config.cr b/src/invidious/config.cr index c4ddcdb3..c05f5824 100644 --- a/src/invidious/config.cr +++ b/src/invidious/config.cr @@ -82,6 +82,7 @@ class Config # Used to tell Invidious it is behind a proxy, so links to resources should be https:// property https_only : Bool? + property login_only : Bool? # HMAC signing key for CSRF tokens and verifying pubsub subscriptions property hmac_key : String = "" # Domain to be used for links to resources on the site where an absolute URL is required diff --git a/src/invidious/routes/before_all.cr b/src/invidious/routes/before_all.cr index 5695dee9..81a139e0 100644 --- a/src/invidious/routes/before_all.cr +++ b/src/invidious/routes/before_all.cr @@ -61,18 +61,6 @@ module Invidious::Routes::BeforeAll env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload" end - return if { - "/sb/", - "/vi/", - "/s_p/", - "/yts/", - "/ggpht/", - "/api/manifest/", - "/videoplayback", - "/latest_version", - "/download", - }.any? { |r| env.request.resource.starts_with? r } - if env.request.cookies.has_key? "SID" sid = env.request.cookies["SID"].value @@ -100,6 +88,24 @@ module Invidious::Routes::BeforeAll end end + unregistered_path_whitelist = {"/", "/login", "/licenses", "/privacy"} + if CONFIG.login_only && !env.get?("user") && !unregistered_path_whitelist.includes?(env.request.path) + env.response.headers["Location"] = "/login" + haltf env, status_code: 302 + end + + return if { + "/sb/", + "/vi/", + "/s_p/", + "/yts/", + "/ggpht/", + "/api/manifest/", + "/videoplayback", + "/latest_version", + "/download", + }.any? { |r| env.request.resource.starts_with? r } + dark_mode = convert_theme(env.params.query["dark_mode"]?) || preferences.dark_mode.to_s thin_mode = env.params.query["thin_mode"]? || preferences.thin_mode.to_s thin_mode = thin_mode == "true"